diff options
Diffstat (limited to 'arch/powerpc/kernel/sys_ppc32.c')
| -rw-r--r-- | arch/powerpc/kernel/sys_ppc32.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/arch/powerpc/kernel/sys_ppc32.c b/arch/powerpc/kernel/sys_ppc32.c index 5e391fc25340..d15c33e95959 100644 --- a/arch/powerpc/kernel/sys_ppc32.c +++ b/arch/powerpc/kernel/sys_ppc32.c | |||
| @@ -69,16 +69,20 @@ struct readdir_callback32 { | |||
| 69 | }; | 69 | }; |
| 70 | 70 | ||
| 71 | static int fillonedir(void * __buf, const char * name, int namlen, | 71 | static int fillonedir(void * __buf, const char * name, int namlen, |
| 72 | off_t offset, ino_t ino, unsigned int d_type) | 72 | off_t offset, u64 ino, unsigned int d_type) |
| 73 | { | 73 | { |
| 74 | struct readdir_callback32 * buf = (struct readdir_callback32 *) __buf; | 74 | struct readdir_callback32 * buf = (struct readdir_callback32 *) __buf; |
| 75 | struct old_linux_dirent32 __user * dirent; | 75 | struct old_linux_dirent32 __user * dirent; |
| 76 | ino_t d_ino; | ||
| 76 | 77 | ||
| 77 | if (buf->count) | 78 | if (buf->count) |
| 78 | return -EINVAL; | 79 | return -EINVAL; |
| 80 | d_ino = ino; | ||
| 81 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) | ||
| 82 | return -EOVERFLOW; | ||
| 79 | buf->count++; | 83 | buf->count++; |
| 80 | dirent = buf->dirent; | 84 | dirent = buf->dirent; |
| 81 | put_user(ino, &dirent->d_ino); | 85 | put_user(d_ino, &dirent->d_ino); |
| 82 | put_user(offset, &dirent->d_offset); | 86 | put_user(offset, &dirent->d_offset); |
| 83 | put_user(namlen, &dirent->d_namlen); | 87 | put_user(namlen, &dirent->d_namlen); |
| 84 | copy_to_user(dirent->d_name, name, namlen); | 88 | copy_to_user(dirent->d_name, name, namlen); |
| @@ -120,15 +124,20 @@ asmlinkage long ppc32_select(u32 n, compat_ulong_t __user *inp, | |||
| 120 | 124 | ||
| 121 | int cp_compat_stat(struct kstat *stat, struct compat_stat __user *statbuf) | 125 | int cp_compat_stat(struct kstat *stat, struct compat_stat __user *statbuf) |
| 122 | { | 126 | { |
| 127 | compat_ino_t ino; | ||
| 123 | long err; | 128 | long err; |
| 124 | 129 | ||
| 125 | if (stat->size > MAX_NON_LFS || !new_valid_dev(stat->dev) || | 130 | if (stat->size > MAX_NON_LFS || !new_valid_dev(stat->dev) || |
| 126 | !new_valid_dev(stat->rdev)) | 131 | !new_valid_dev(stat->rdev)) |
| 127 | return -EOVERFLOW; | 132 | return -EOVERFLOW; |
| 128 | 133 | ||
| 134 | ino = stat->ino; | ||
| 135 | if (sizeof(ino) < sizeof(stat->ino) && ino != stat->ino) | ||
| 136 | return -EOVERFLOW; | ||
| 137 | |||
| 129 | err = access_ok(VERIFY_WRITE, statbuf, sizeof(*statbuf)) ? 0 : -EFAULT; | 138 | err = access_ok(VERIFY_WRITE, statbuf, sizeof(*statbuf)) ? 0 : -EFAULT; |
| 130 | err |= __put_user(new_encode_dev(stat->dev), &statbuf->st_dev); | 139 | err |= __put_user(new_encode_dev(stat->dev), &statbuf->st_dev); |
| 131 | err |= __put_user(stat->ino, &statbuf->st_ino); | 140 | err |= __put_user(ino, &statbuf->st_ino); |
| 132 | err |= __put_user(stat->mode, &statbuf->st_mode); | 141 | err |= __put_user(stat->mode, &statbuf->st_mode); |
| 133 | err |= __put_user(stat->nlink, &statbuf->st_nlink); | 142 | err |= __put_user(stat->nlink, &statbuf->st_nlink); |
| 134 | err |= __put_user(stat->uid, &statbuf->st_uid); | 143 | err |= __put_user(stat->uid, &statbuf->st_uid); |